I don't quite follow the LibreSSL. OpenSSL now has two full-time developers through funding from the Linux Foundation, and the Open Crypto Audit Project has funding for doing an audit of the code: http://www.linuxfoundation.org/news-med ... ew-backers. While LibreSSL made sense before the Linux Foundation could get the funding arranged, what sense does it make now? There are no full-time developers working on LibreSSL I think, nor is the code being audited by anybody but the developers. Why don't the LibreSSL developers join effort on OpenSSL? They have a clean roadmap: https://www.openssl.org/about/roadmap.html. It seems to be tackling the same stuff...

I'll be sticking with OpenSSL till it's clear what exactly LibreSSL improves security-wise and how it is a long-term viable solution that doesn't fall into disarray once the developers' interest wanes. Long-term OpenSSL seems to be in a healthier position, with long-term commitment and funding from the industry.

I've heard that LibreSSL offers better compactness and portability between multiple platforms. At this moment I haven't heard of any Linux distro using LibreSSL yet, but it might change when BSD officially switches to LibreSSL.

BSD* usually suggest they have a more structured approach to code development and therefore can offer a better guarantee of quality -- from your link: ref the BSD developer

None of this should come as a surprise to anyone who has been following the fallout from the Heartbleed vulnerability scandal. Most of the same issues were raised by de Raadt – albeit less politely – when he decided to fork OpenSSL as LibreSSL in April

LibreSSL is not without its own faults. Article showing how LibreSSL is unsafe to use on Linux: https://www.agwa.name/blog/post/libress ... e_on_linux. As might have been expected with the chest pounding from the LibreSSL camp about all the code they have been removing, they've removed too much in this case.